The results from UK Government’s fifth Cyber Security Breaches Survey was published yesterday and we have picked out the key points so you don’t have to.
The survey uses both quantitative and qualitative methods of research, which for the purposes of this latest survey were carried out in winter 2019 and early 2020 respectively. Medium sized businesses are defined as those with 50 to 249 employees and large businesses 250 or more employees.
- Cyber attacks have evolved and become more frequent since the first survey was conducted in 2017
- 46% of businesses have reported having cyber security breaches or attacks in the past 12 months
- The frequency of cyber attacks and breaches are highest among large business – 75% having experienced an attack or breach within the past 12 months – whilst 68% of medium sized businesses have been affected
- Since 2017 there has been a 10% increase in businesses identifying breaches or attacks on a weekly basis (22% in 2017 to 32% in 2020)
- Phishing is the primary threat, with those business experiencing phishing attacks increasing from 72% in 2017 to 86% in 2020
- There has been a fall in viruses and malware, which have dropped from the cause of 33% of breaches and attacks in 2017 to 16% on 2020
- More than half of those businesses who took part (53%) in the study say staff use their own device to carry out work-related activities; known as bringing your own device (BYOD)
- 81% of businesses state that they have a password policy to ensure that users set strong passwords
- 77% of large businesses have a formal policy, or policies in place covering cyber security risks
- 12% of large businesses have suffered a breach through unauthorised use of computers or networks by staff
- 62% of medium and large businesses have suffered a breach through impersonation
- The damage inflicted on businesses through viruses or ransomware, hacking attempts or other unauthorised use of their computers or networks is far greater than more common types of breaches and attacks (54% via less common cyber attacks suffered a negative outcome through data or money loss vs 19% for more common types of attacks and breaches)
As the researchers conclude, there is still considerable room for improvement. The high prevalence of companies still using password-based authentication is concerning.
The increasing number of employees taking advantage of BYOD, and the heightened negative impact that unauthorised access to company networks and systems is having looks to be a perfect storm.
Cyber security is highlighted as a high priority amongst the businesses that took part in the survey, however the implementation of best practice cyber security largely appears to be an afterthought in response to broader technological changes.
At Intercede we believe there is no place for passwords in today’s business environment and we encourage all companies to familiarise themselves with the authentication pyramid. Using the framework of the authentication pyramid, IT leaders can proactively outline a suitable method of multi-factor authentication that works for their organisation and workforce.
Mitigating the risk of unauthorised access doesn’t have to be expensive or difficult to implement and manage.
At Intercede our MyID Professional credential management software provides the management businesses with deployments of 500 upwards need to issue and manage credentials using strong, crypto-based multi-factor authentication – using the Microsoft architecture many businesses already have deployed.
Contact us now using the form below to find out more about MyID Professional or to arrange a demo.
To view the full results from the UK Government’s Cyber Security Breaches Survey 2020, go to: https://www.gov.uk/government/publications/cyber-security-breaches-survey-2020/cyber-security-breaches-survey-2020